Kubernetes Controller Manager: Principle Analysis

The Controller Manager is the cluster's internal management and control center. It is responsible for managing Nodes, Pod replicas, service endpoints (Endpoints), Namespaces, service accounts (ServiceAccount), resource quotas (ResourceQuota) and similar objects; when a Node goes down unexpectedly, it detects the failure and carries out the automated repair process.

Internally the Controller Manager contains a Replication Controller, Node Controller, ResourceQuota Controller, Namespace Controller, ServiceAccount Controller, Token Controller, Service Controller, Endpoint Controller and others; each controller is responsible for one particular control flow.

1.1 Replication Controller

Note the distinction between the Replication Controller (the controller inside the Controller Manager) and the ReplicationController resource object, abbreviated RC. In this section, Replication Controller refers to the replica controller.

The central role of the replica controller is to ensure that, at any time, the cluster holds exactly the preset number of Pod replicas associated with each RC: surplus Pods are destroyed, missing ones are created. Only Pods whose restart policy is Always are managed by the RC. Once created, such a Pod does not disappear; the only exception is a Pod that stays in the Succeeded or Failed state for too long, which the system reclaims automatically. The replica controller then recreates the Pod replica and runs it on another node.

The Pod template in an RC is like a mold: once the product has left the die, it has no further relationship with it. After a Pod is created, changes to the template do not affect that Pod. A Pod can be detached from its RC's control by modifying its labels; this is used for migrating Pods, recovering data and debugging inside the cluster. Once a Pod has been moved out this way, the RC creates a new Pod to take its place. Deleting an RC does not affect the Pods it previously created; to delete the Pods an RC controls, set the RC's replica count to 0.

The replica controller has the following duties:

(1) Ensure that the cluster currently has exactly N Pod instances, where N is the replica count defined in the RC.

(2) Scale the system out or in by adjusting the RC's spec.replicas value.

(3) Implement rolling upgrades by changing the Pod template in the RC (mainly the image version).
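The following Go program is an added example, not code from the post or from Kubernetes itself. It models one pass of the replica controller described above with simplified stand-in types (Pod, RC and the helper names are constructed for the example): only Pods that match the RC's label selector and have restart policy Always are counted, Succeeded/Failed Pods are left for the system to reclaim and therefore trigger a replacement, and a Pod whose label is changed drops out of the RC's count, so the RC creates a new one in its place.

```go
package main

import (
	"fmt"
	"sort"
)

// Pod holds just the fields the replica controller looks at.
// These are simplified stand-ins constructed for this example, not the
// real Kubernetes API types.
type Pod struct {
	Name          string
	Labels        map[string]string
	RestartPolicy string // "Always", "OnFailure" or "Never"
	Phase         string // "Pending", "Running", "Succeeded" or "Failed"
}

// RC holds the parts of a ReplicationController spec the loop needs:
// the label selector and the desired replica count (spec.replicas).
type RC struct {
	Selector map[string]string
	Replicas int
}

// selected reports whether every key/value in the selector is present in labels.
func selected(selector, labels map[string]string) bool {
	for k, v := range selector {
		if labels[k] != v {
			return false
		}
	}
	return true
}

// ManagedPods returns the Pods the RC counts as live replicas: label match,
// restart policy Always, and not in a terminal phase. Succeeded/Failed Pods
// are not counted, so the RC creates a replacement for them. The result is
// sorted by name so that each pass is deterministic.
func ManagedPods(rc RC, pods []Pod) []Pod {
	var live []Pod
	for _, p := range pods {
		if !selected(rc.Selector, p.Labels) || p.RestartPolicy != "Always" {
			continue
		}
		if p.Phase == "Succeeded" || p.Phase == "Failed" {
			continue
		}
		live = append(live, p)
	}
	sort.Slice(live, func(i, j int) bool { return live[i].Name < live[j].Name })
	return live
}

// Reconcile performs one pass: it returns how many Pods must be created and
// which existing Pods must be deleted so that exactly rc.Replicas live
// replicas remain. Surplus Pods are taken from the end of the sorted list.
func Reconcile(rc RC, pods []Pod) (create int, remove []string) {
	live := ManagedPods(rc, pods)
	switch n := len(live); {
	case n < rc.Replicas:
		return rc.Replicas - n, nil
	case n > rc.Replicas:
		for _, p := range live[rc.Replicas:] {
			remove = append(remove, p.Name)
		}
	}
	return 0, remove
}

func main() {
	// Constructed sample state: three matching Pods, one of them Failed,
	// plus a one-off job Pod that the RC must ignore.
	rc := RC{Selector: map[string]string{"app": "web"}, Replicas: 3}
	pods := []Pod{
		{Name: "web-a", Labels: map[string]string{"app": "web"}, RestartPolicy: "Always", Phase: "Running"},
		{Name: "web-b", Labels: map[string]string{"app": "web"}, RestartPolicy: "Always", Phase: "Running"},
		{Name: "web-c", Labels: map[string]string{"app": "web"}, RestartPolicy: "Always", Phase: "Failed"},
		{Name: "job-1", Labels: map[string]string{"app": "web"}, RestartPolicy: "Never", Phase: "Running"},
	}
	c, d := Reconcile(rc, pods)
	fmt.Printf("create=%d delete=%v\n", c, d)

	// Detaching a Pod for debugging by changing its label: the RC no longer
	// counts it and asks for another replacement while web-a keeps running.
	pods[0].Labels["app"] = "debug"
	c, d = Reconcile(rc, pods)
	fmt.Printf("after relabel: create=%d delete=%v\n", c, d)
}
```

Because membership is decided purely by labels and restart policy, anyone who can edit Pod labels in the namespace can move Pods in and out of an RC's count; that is the same mechanism the post describes for debugging, which is why label write access deserves the same review as access to the RC itself.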

1.2 Node Controller

The kubelet periodically reports status information to the API Server, which writes the updates to etcd. The node information stored in etcd includes the node's health status, node resources, node name, node address, operating system version, Docker version and kubelet version. The health status has three values: Ready (True), Not Ready (False) and Unknown.

(1) If the --cluster-cidr parameter is set, then at startup, for each Node whose Spec.PodCIDR has not been set, a CIDR range is generated and assigned to that node's Spec.PodCIDR property; this prevents CIDR address conflicts between different nodes.

(2) The node information is read one by one and nodeStatusMap is updated: the node information saved in the Node Controller's nodeStatusMap is compared with the information just received. If no information has yet been received from the kubelet, if this is the first report, or if the node has become unhealthy, the node's state information is saved in nodeStatusMap and the system time of the Node Controller is used as both the probe time and the state transition time for that node. If the node information has changed, the new status is saved and again the Node Controller's system time is used as the probe time and the state transition time. If a report was received but the state did not change, the status is saved with the Node Controller's system time as the probe time, while the previous state transition time is kept as the time the node's state last changed. If no status information is received from a node within the timeout, its status is set to Unknown and saved through the API Server.

(3) The node information is read one by one again. If a node's status is not Ready, the node is added to the queue of nodes to be deleted; otherwise it is removed from that queue. If the node's status is not Ready and a Cloud Provider is configured, the Node Controller calls the Cloud Provider to check the node; if the node is found to have failed, its information is deleted from etcd together with the Pods and other resources related to that node.
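As an added example (not code from the post or from Kubernetes), the program below models steps (2) and (3) with an in-memory nodeStatusMap. The NodeStatus and NodeController types, the grace period and the sample clock are constructed for the example. Observe applies one kubelet report using the rules above, Sweep is the timeout pass that marks silent nodes Unknown, and EvictionQueue is the set of not-Ready nodes that step (3) would place in the deletion queue. All timestamps come from the controller's own clock, never from the node's report, which is the detail that keeps a misbehaving node from backdating its own heartbeat.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// NodeStatus is one entry of the Node Controller's status map. Times come
// from the controller's own clock, never from the kubelet's report.
// (Simplified structure constructed for this example.)
type NodeStatus struct {
	Condition      string    // "True" (Ready), "False" (Not Ready) or "Unknown"
	ProbeTime      time.Time // last time the controller saw a report for the node
	TransitionTime time.Time // last time Condition changed
}

// NodeController keeps nodeStatusMap and the grace period after which a
// node that has stopped reporting is marked Unknown.
type NodeController struct {
	nodeStatusMap map[string]NodeStatus
	grace         time.Duration
}

func NewNodeController(grace time.Duration) *NodeController {
	return &NodeController{nodeStatusMap: map[string]NodeStatus{}, grace: grace}
}

// Observe applies one kubelet report for a node: on a first report or a
// changed condition it records the condition with probe time and transition
// time both set to now; on an unchanged condition it refreshes only the
// probe time and keeps the earlier transition time.
func (c *NodeController) Observe(name, condition string, now time.Time) NodeStatus {
	prev, seen := c.nodeStatusMap[name]
	if !seen || prev.Condition != condition {
		c.nodeStatusMap[name] = NodeStatus{Condition: condition, ProbeTime: now, TransitionTime: now}
	} else {
		prev.ProbeTime = now
		c.nodeStatusMap[name] = prev
	}
	return c.nodeStatusMap[name]
}

// Sweep is the timeout pass: every node whose last probe is older than the
// grace period is set to Unknown with a new transition time. The names of
// the nodes that changed are returned so they can be written back through
// the API Server.
func (c *NodeController) Sweep(now time.Time) []string {
	var changed []string
	for name, s := range c.nodeStatusMap {
		if s.Condition != "Unknown" && now.Sub(s.ProbeTime) > c.grace {
			s.Condition, s.TransitionTime = "Unknown", now
			c.nodeStatusMap[name] = s
			changed = append(changed, name)
		}
	}
	sort.Strings(changed)
	return changed
}

// EvictionQueue lists the nodes that are currently not Ready, i.e. the set
// step (3) keeps in the queue of nodes to be deleted; Ready nodes are left
// out, which corresponds to removing them from the queue.
func (c *NodeController) EvictionQueue() []string {
	var q []string
	for name, s := range c.nodeStatusMap {
		if s.Condition != "True" {
			q = append(q, name)
		}
	}
	sort.Strings(q)
	return q
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	nc := NewNodeController(40 * time.Second)
	nc.Observe("node-1", "True", t0)
	nc.Observe("node-2", "True", t0)
	nc.Observe("node-1", "True", t0.Add(10*time.Second)) // heartbeat, no transition
	fmt.Println("marked Unknown at +60s:", nc.Sweep(t0.Add(60*time.Second)))
	fmt.Println("eviction queue:", nc.EvictionQueue())
}
```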

1.3 ResourceQuota Controller

Resource quota management ensures that a given resource object never occupies an excessive share of the system's physical resources, so that a defect in the design or implementation of a business process cannot cause the whole system to behave abnormally or even suffer an unplanned outage. It plays a very important role in the smooth and stable operation of the cluster.

Kubernetes supports resource quota management at the following three levels:

(1) Container level: limits CPU and memory.

(2) Pod level: limits the resources available to all containers within a Pod.

(3) Namespace level: resource constraints for the Namespace (multi-tenant) level, including the number of Pods, RCs, Services, ResourceQuotas, Secrets and PVs that may be held.

Kubernetes quota management is enforced through Admission Control, which provides two kinds of quota constraint: LimitRanger and ResourceQuota. LimitRanger applies to Pods and Containers, while ResourceQuota applies to a Namespace and limits the total usage of each kind of resource within it.
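The following program is an added example of the three-level check, not code from the post or from the Kubernetes admission plugins. Its types (Container, PodSpec, LimitRange, Quota) and the sentinel errors are constructed stand-ins: the container and Pod level checks stand for the LimitRanger plugin, the Namespace level counts and totals stand for ResourceQuota, and the checks run in that order so a rejection names the level that caused it.

```go
package main

import (
	"errors"
	"fmt"
)

// Container and PodSpec carry only the resource requests the admission
// checks need (simplified stand-ins constructed for this example).
type Container struct {
	Name      string
	CPUMilli  int64 // CPU in millicores
	MemoryMiB int64
}

type PodSpec struct {
	Name       string
	Containers []Container
}

// LimitRange is what the LimitRanger plugin enforces: ceilings for a single
// container and for a whole Pod (the sum over its containers).
type LimitRange struct {
	MaxContainerCPUMilli int64
	MaxContainerMemMiB   int64
	MaxPodCPUMilli       int64
	MaxPodMemMiB         int64
}

// Quota is what the ResourceQuota plugin enforces for one Namespace:
// hard limits and the usage already accounted for.
type Quota struct {
	HardPods, UsedPods         int64
	HardCPUMilli, UsedCPUMilli int64
	HardMemMiB, UsedMemMiB     int64
}

var (
	ErrContainerLimit = errors.New("LimitRanger: container exceeds per-container maximum")
	ErrPodLimit       = errors.New("LimitRanger: pod exceeds per-pod maximum")
	ErrQuotaCount     = errors.New("ResourceQuota: pod count would exceed namespace hard limit")
	ErrQuotaTotals    = errors.New("ResourceQuota: namespace totals would exceed hard limits")
)

// PodTotals sums the requests of all containers in the Pod (the Pod level).
func PodTotals(p PodSpec) (cpu, mem int64) {
	for _, c := range p.Containers {
		cpu += c.CPUMilli
		mem += c.MemoryMiB
	}
	return cpu, mem
}

// Admit runs the container, Pod and Namespace level checks in that order.
// On success it returns the Namespace quota as it looks after charging the
// Pod; on failure it returns the unchanged quota and the violation.
func Admit(p PodSpec, lr LimitRange, q Quota) (Quota, error) {
	for _, c := range p.Containers {
		if c.CPUMilli > lr.MaxContainerCPUMilli || c.MemoryMiB > lr.MaxContainerMemMiB {
			return q, fmt.Errorf("%w: %s/%s", ErrContainerLimit, p.Name, c.Name)
		}
	}
	cpu, mem := PodTotals(p)
	if cpu > lr.MaxPodCPUMilli || mem > lr.MaxPodMemMiB {
		return q, fmt.Errorf("%w: %s", ErrPodLimit, p.Name)
	}
	if q.UsedPods+1 > q.HardPods {
		return q, fmt.Errorf("%w: %s", ErrQuotaCount, p.Name)
	}
	if q.UsedCPUMilli+cpu > q.HardCPUMilli || q.UsedMemMiB+mem > q.HardMemMiB {
		return q, fmt.Errorf("%w: %s", ErrQuotaTotals, p.Name)
	}
	q.UsedPods++
	q.UsedCPUMilli += cpu
	q.UsedMemMiB += mem
	return q, nil
}

func main() {
	// Constructed limits: each container at most 500m/512Mi, each Pod at
	// most 800m/1Gi, and the Namespace at most 2 Pods and 1000m/2Gi in total.
	lr := LimitRange{MaxContainerCPUMilli: 500, MaxContainerMemMiB: 512, MaxPodCPUMilli: 800, MaxPodMemMiB: 1024}
	q := Quota{HardPods: 2, HardCPUMilli: 1000, HardMemMiB: 2048}
	for _, p := range []PodSpec{
		{Name: "web", Containers: []Container{{"app", 300, 256}, {"sidecar", 200, 128}}},
		{Name: "big", Containers: []Container{{"app", 600, 256}}},
		{Name: "over", Containers: []Container{{"a", 400, 256}, {"b", 300, 256}}},
	} {
		var err error
		if q, err = Admit(p, lr, q); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Printf("admitted %s, namespace now %dm CPU / %d MiB\n", p.Name, q.UsedCPUMilli, q.UsedMemMiB)
		}
	}
}
```

A Pod with no requests at all passes every check here, which is why LimitRange objects in practice also carry default requests; without them a quota on CPU and memory constrains only Pods that declared what they use.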

1.4 Namespace Controller

Users create a new Namespace through the API Server, and it is stored in etcd; the Namespace Controller periodically reads the Namespace information through the API Server. If a Namespace is marked for graceful deletion through the API, its status is set to Terminating and saved to etcd, and the Namespace Controller deletes all resource objects in that Namespace.

When a Namespace's status is set to Terminating, the NamespaceLifecycle plug-in of the Admission Controller prevents new resources from being created in that Namespace. After the Namespace Controller has deleted all resource objects in the Namespace, it performs the finalize operation on the Namespace, removing the entries in its spec.finalizers field.

If the Namespace's deletion deadline has been set and its spec.finalizers field is empty, the Namespace Controller deletes the Namespace resource through the API Server.

1.5 Service Controller and Endpoint Controller

Endpoints represent the access addresses of all Pod replicas corresponding to a Service, and the Endpoint Controller is responsible for generating and maintaining all Endpoints objects. It watches for changes to Services and to the corresponding Pod replicas: if a Service is deleted, the Endpoints object with the same name is deleted; if a new Service is created or modified, the list of related Pods is obtained according to the Service and the corresponding Endpoints object is created or updated; if a Pod event is observed, the Endpoints of the Service it belongs to are updated.

The kube-proxy process on each Node obtains the Endpoints of every Service and uses them to load-balance traffic for the Service.
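As an added example (not code from the post or from Kubernetes), the program below models the Endpoint Controller's three reactions with in-memory stand-in types: Service, Pod, Endpoints and EndpointController are constructed for the example, and the rule that only Pods with an IP and no terminal phase are listed is a simplification rather than the project's exact readiness logic. SyncService builds or refreshes the Endpoints object for a created or modified Service, DeleteService removes the object of the same name, and OnPodEvent resyncs every Service whose selector matches the Pod that changed.

```go
package main

import (
	"fmt"
	"sort"
)

// Service and Pod hold only what the Endpoint Controller reads from them
// (simplified stand-ins constructed for this example, not the API types).
type Service struct {
	Name     string
	Selector map[string]string
	Port     int
}

type Pod struct {
	Name   string
	Labels map[string]string
	IP     string
	Phase  string
}

// Endpoints is the object the controller maintains per Service: the list of
// Pod addresses behind it, kept in a stable order.
type Endpoints struct {
	Service   string
	Addresses []string // "ip:port"
}

type EndpointController struct {
	endpoints map[string]Endpoints
}

func NewEndpointController() *EndpointController {
	return &EndpointController{endpoints: map[string]Endpoints{}}
}

// selects reports whether labels carry every key/value pair of the selector.
func selects(selector, labels map[string]string) bool {
	for k, v := range selector {
		if labels[k] != v {
			return false
		}
	}
	return true
}

// backends picks the Pods a Service routes to. Label match is the only
// membership test, so anyone who can set labels on Pods in the namespace
// decides what a Service resolves to; Pods without an IP or in a terminal
// phase are skipped (a simplification of the real readiness rules).
func backends(svc Service, pods []Pod) []string {
	var addrs []string
	for _, p := range pods {
		if p.IP == "" || p.Phase == "Succeeded" || p.Phase == "Failed" {
			continue
		}
		if selects(svc.Selector, p.Labels) {
			addrs = append(addrs, fmt.Sprintf("%s:%d", p.IP, svc.Port))
		}
	}
	sort.Strings(addrs)
	return addrs
}

// SyncService creates or updates the Endpoints object for a Service that
// was added or modified.
func (c *EndpointController) SyncService(svc Service, pods []Pod) Endpoints {
	ep := Endpoints{Service: svc.Name, Addresses: backends(svc, pods)}
	c.endpoints[svc.Name] = ep
	return ep
}

// DeleteService removes the Endpoints object of the same name.
func (c *EndpointController) DeleteService(name string) {
	delete(c.endpoints, name)
}

// Lookup returns the Endpoints kube-proxy would read for a Service.
func (c *EndpointController) Lookup(name string) (Endpoints, bool) {
	ep, ok := c.endpoints[name]
	return ep, ok
}

// OnPodEvent handles a Pod add/update/delete: every Service whose selector
// matches the Pod's labels is resynced from the current Pod list, and the
// names of the Services touched are returned.
func (c *EndpointController) OnPodEvent(changed Pod, services []Service, pods []Pod) []string {
	var touched []string
	for _, svc := range services {
		if selects(svc.Selector, changed.Labels) {
			c.SyncService(svc, pods)
			touched = append(touched, svc.Name)
		}
	}
	sort.Strings(touched)
	return touched
}

func main() {
	// Constructed sample: two running web Pods, one still Pending without an
	// IP, and a database Pod that the web Service must not pick up.
	svc := Service{Name: "web", Selector: map[string]string{"app": "web"}, Port: 8080}
	pods := []Pod{
		{Name: "web-a", Labels: map[string]string{"app": "web"}, IP: "10.0.0.2", Phase: "Running"},
		{Name: "web-b", Labels: map[string]string{"app": "web"}, IP: "10.0.0.3", Phase: "Running"},
		{Name: "web-c", Labels: map[string]string{"app": "web"}, IP: "", Phase: "Pending"},
		{Name: "db-1", Labels: map[string]string{"app": "db"}, IP: "10.0.0.9", Phase: "Running"},
	}
	c := NewEndpointController()
	fmt.Println("initial:", c.SyncService(svc, pods).Addresses)
	pods[1].Phase = "Failed"
	fmt.Println("touched by pod event:", c.OnPodEvent(pods[1], []Service{svc}, pods))
	ep, _ := c.Lookup("web")
	fmt.Println("after web-b failed:", ep.Addresses)
}
```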

Origin www.cnblogs.com/lgh344902118/p/11367670.html